ndff (nDPI for fluentd)

ndff is a flow collector for fluentd built on the nDPI library.
ndff is implemented on the basis of ndpiReader, which is an example program in nDPI.

Overview

nDPI is an open source LGPLv3 library for deep-packet inspection.
ndpiReader is an example program in nDPI which has the following features:

Detect the protocol from packets (pcap files or devices)

Apply a BPF filter for filtering selected traffic

Export the content of packets to a file in JSON format

etc...

It's very useful if the results of nDPI can be analyzed in fluentd.
So ndff aggregates packets into flows, like NetFlow, and forwards the results to the fluentd server in the form of JSON or MessagePack.
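
The following sketch illustrates the flow aggregation described above. It is an added example, not ndff's own code: the record field names, the `ndff.flow` tag, the 30-second idle timeout and the sample packets are all assumptions, and the per-packet protocol label stands in for a result that nDPI would supply.

```python
import json

# Constructed sample input: (ts, src_ip, src_port, dst_ip, dst_port, l4, length, label).
# "label" stands in for the per-packet result of a DPI library; no nDPI call is made.
PACKETS = [
    (1.00, "192.0.2.10", 51000, "198.51.100.20", 443, "TCP", 74, "Unknown"),
    (1.02, "198.51.100.20", 443, "192.0.2.10", 51000, "TCP", 74, "Unknown"),
    (1.05, "192.0.2.10", 51000, "198.51.100.20", 443, "TCP", 583, "TLS"),
    (1.10, "192.0.2.11", 40000, "192.0.2.1", 53, "UDP", 80, "DNS"),
    (1.11, "192.0.2.1", 53, "192.0.2.11", 40000, "UDP", 140, "DNS"),
    (90.0, "192.0.2.11", 40000, "192.0.2.1", 53, "UDP", 80, "DNS"),
]

def flow_key(src_ip, src_port, dst_ip, dst_port, l4):
    """Direction-independent key: both halves of a conversation map to one flow."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (l4,) + (a + b if a <= b else b + a)

def aggregate(packets, idle_timeout=30.0):
    """Fold packets into flow records; a flow idle longer than idle_timeout is closed."""
    active, finished = {}, []
    for ts, sip, sport, dip, dport, l4, length, label in packets:
        key = flow_key(sip, sport, dip, dport, l4)
        flow = active.get(key)
        if flow is not None and ts - flow["last_seen"] > idle_timeout:
            finished.append(active.pop(key))
            flow = None
        if flow is None:
            # The sender of the first packet is treated as the flow's source.
            flow = active[key] = {
                "src_ip": sip, "src_port": sport, "dst_ip": dip, "dst_port": dport,
                "l4_protocol": l4, "detected_protocol": "Unknown",
                "first_seen": ts, "last_seen": ts,
                "src_to_dst_packets": 0, "src_to_dst_bytes": 0,
                "dst_to_src_packets": 0, "dst_to_src_bytes": 0,
            }
        side = "src_to_dst" if (sip, sport) == (flow["src_ip"], flow["src_port"]) else "dst_to_src"
        flow[side + "_packets"] += 1
        flow[side + "_bytes"] += length
        flow["last_seen"] = ts
        if label != "Unknown":
            flow["detected_protocol"] = label  # keep the latest non-Unknown label
    return finished + list(active.values())

def to_events(flows, tag="ndff.flow"):
    """One JSON event per flow, shaped [tag, time, record]; the tag is hypothetical."""
    return [json.dumps([tag, int(f["last_seen"]), f]) for f in flows]
```

With the sample packets, the late DNS packet at 90.0 s opens a new flow because the earlier one has been idle longer than the timeout, so three flow records are produced from two conversations.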